CVE-2025-20375 - Vulnerability Details

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files.

This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a crafted file to the web UI. A successful exploit could allow the attacker to upload arbitrary files to a vulnerable system and execute them, gaining access to the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00055.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco Subscribe	Unified Contact Center Express Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unified_contact_center_express::::::::
	cpe:2.3:a:cisco:unified_contact_center_express:15.0:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Cisco Subscribe	Unified Contact Center Express Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn

History

Tue, 18 Nov 2025 04:45:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:cisco:unified_contact_center_express:::::::: cpe:2.3:a:cisco:unified_contact_center_express:15.0:::::::*

Thu, 06 Nov 2025 19:15:00 +0900

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco unified Contact Center Express
Vendors & Products		Cisco Cisco unified Contact Center Express

Thu, 06 Nov 2025 06:15:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 06 Nov 2025 01:45:00 +0900

Type	Values Removed	Values Added
Description		A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a crafted file to the web UI. A successful exploit could allow the attacker to upload arbitrary files to a vulnerable system and execute them, gaining access to the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.
Title		Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability
Weaknesses		CWE-434
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-11-05T16:31:43.035Z

Updated: 2025-11-06T04:55:45.946Z

Reserved: 2024-10-10T19:15:13.262Z

Link: CVE-2025-20375

Vulnrichment

Updated: 2025-11-05T20:12:33.523Z

NVD

Status : Analyzed

Published: 2025-11-05T17:15:38.723

Modified: 2025-11-17T19:40:23.360

Link: CVE-2025-20375

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-11-06T19:06:58Z

Weaknesses

CWE-434

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object